From the journal

EU Council and Parliament Agree to Delay High-Risk AI Compliance Deadlines, 7 May 2026

On 7 May 2026, the European Parliament and Council of the European Union reached a provisional political agreement under the Digital Omnibus package to amend Regulation (EU) 2024/1689 (the EU AI Act). The agreement postpones the application of high-risk AI obligations under Articles 6(1) and 6(2) and adds a new prohibition on AI-generated non-consensual intimate imagery. Formal adoption is expected before 2 August 2026.

3 min read

On 7 May 2026, the European Parliament and the Council of the European Union reached a provisional political agreement under the European Commission's Digital Omnibus package, amending Regulation (EU) 2024/1689 (the EU AI Act). The agreement is at the provisional stage and requires formal adoption by both institutions, expected before 2 August 2026. The urgency arose because the existing text of Article 6(2) would have required providers of stand-alone high-risk AI systems listed in Annex III to comply from 2 August 2026.

The agreement amends Articles 6(1) and 6(2) of Regulation (EU) 2024/1689. Under the revised schedule, Article 6(2) obligations, which cover Annex III high-risk AI systems, apply from 2 December 2027, extended from the original date of 2 August 2026. Article 6(1) obligations, which cover AI systems used as safety components in Annex I products subject to third-party conformity assessment, apply from 2 August 2028, extended from 2 August 2027. The agreement also introduces a new prohibited practice under Article 5 covering AI systems that generate non-consensual sexual or intimate content, effective from 2 December 2026.

Providers developing Annex III AI systems, which include tools used in employment decisions, credit scoring, biometric categorisation, and access to education or essential services, now have until 2 December 2027 to achieve conformity. Manufacturers embedding AI in safety-critical Annex I products, including medical devices, machinery, and aviation components, have until 2 August 2028. AI platforms and content generation services must remove or disable non-consensual intimate imagery generation capabilities by 2 December 2026.

The agreement also reduces from six months to three months the grace period providers of general-purpose AI models had to implement transparency markings for AI-generated content, setting the effective date at 2 December 2026. National competent authorities must establish AI regulatory sandboxes by 2 August 2027. The precise text of the amending regulation will be published after legal-linguistic review by both institutions; its exact wording may affect how providers interpret their revised compliance timelines.

Licentium advises clients active in the EU AI Act compliance cycle and can assist with high-risk AI classification, conformity assessment structuring, and preparing documentation aligned with the revised Annex III and Annex I deadlines. Our partner network includes counsel in Germany, France, and Malta. Work we undertake includes AI Act compliance scoping, provider and deployer obligation mapping, general-purpose AI model transparency obligations, and prohibited practices gap analysis.

Source: Council of the European Union, Artificial Intelligence: Council and Parliament agree to simplify and streamline rules, 7 May 2026

AI Regulatory

More from the journal

See all

Illinois signs Artificial Intelligence Safety Measures Act into law, effective January 2027

Governor JB Pritzker signed the Illinois Artificial Intelligence Safety Measures Act on 6 July 2026, making Illinois the first US state to require mandatory annual third-party audits of frontier AI model developers. The Act applies to large frontier developers operating or deploying models in Illinois, requires transparency reports before each new or substantially modified frontier model deployment, and establishes civil penalties. Core obligations take effect 1 January 2027.

UK consults on modernising payment services regulation covering stablecoins and AI agents, 2026

HM Treasury launched a consultation on modernising the UK payment services regulatory regime, with responses due by 6 October 2026. The consultation addresses how to adapt regulation for tokenised payments including qualifying stablecoins, Open Banking expansion, and agentic AI systems authorised to conduct payments. It follows the February 2026 Payments Forward Plan and the government's decision to transfer Payment Systems Regulator functions to the Financial Conduct Authority.

Hong Kong SFC mandates phishing-resistant authentication for internet brokers and VATPs, July 2026

The Hong Kong Securities and Futures Commission issued a circular on 9 July 2026 requiring licensed corporations engaged in electronic trading and SFC-licensed virtual asset trading platform operators to replace one-time passwords with phishing-resistant authentication methods. Covered firms must implement passkeys or bound-device recognition for client login and device binding. Large internet brokers must act immediately. All other in-scope firms have up to 12 months to comply.